SONA Topology

Many years ago, someone designed a topology diagram shaped like a "house", which Cisco's documentation calls SONA. It is a clever design, suitable for small and medium-sized networks. The reason is that if any access layer or aggregation layer switch goes down, the entire topology can still run normally, and traffic automatically selects the second reachable path to continue sending and receiving. Of course, all of this has to be pre-configured by the network administrator. To verify it, you must test whether traffic on the other side can still pass when the traffic on one side is stopped. That is the premise. Then I suddenly thought: if one side really is blocked and all traffic is carried by a single path, will that cause the other side to be blocked as well, through problems such as a broadcast storm or a port shutdown? On top of that, the access layer of this structure still needs a lot of port security work: DHCP spoofing protection, NAC admission, 802.xx authentication, loop guard, BPDU guard, sticky MAC addresses, loop resolution, and so on. Of these, DHCP spoofing, loops and BPDUs are the ones I really have to say something about.

The story goes like this. Once, on a whim, I wanted to do an experiment and connect a looped device to a working campus network. In a standard campus network, each dormitory area, and even each dormitory building, should have its own VLAN. I observed that the building I was in had only one access switch, so I easily configured a DHCP server, set up the loop, and connected to the campus network. My guess was that the DHCP server should not work; after all, the 82 protocol must be standard, and at the very least the access port should be shut down. In theory, port recovery would not be configured. Hours later, I found that not only could the other access ports be pinged normally, but even the test access port could be pinged normally. It was amazing. My guesswork completely collapsed here, so I worked through possible configuration assumptions and came up with two possible guesses: 1. BPDU filter, or 2. no anti-loop measures at all.
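From the administrator's side, both guesses can be checked directly against the access switch configuration. The following is an added example, not part of the original post: a small audit that flags access ports with BPDU filter enabled, access ports without BPDU guard, and access VLANs not covered by DHCP snooping. The sample configuration is constructed, and the function name `audit` is hypothetical; the configuration lines follow Cisco IOS syntax.

```python
import re
from itertools import takewhile

# Constructed sample config (not from the post): Gi0/1 matches guess 1,
# Gi0/2 matches guess 2, Gi0/3 is hardened, Gi0/24 is a trunk uplink.
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 10,30-32
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree bpdufilter enable
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 31
 spanning-tree bpduguard enable
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit(config):
    """Return {access_port: [findings]} for an IOS-style config."""
    snooped = set()                      # VLANs where DHCP snooping is active
    if re.search(r"^ip dhcp snooping$", config, re.M):  # global switch is on
        for m in re.finditer(r"^ip dhcp snooping vlan (\S+)$", config, re.M):
            for part in m.group(1).split(","):          # e.g. "10,30-32"
                lo, _, hi = part.partition("-")
                snooped.update(range(int(lo), int(hi or lo) + 1))
    findings = {}
    for stanza in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, *body = stanza.splitlines()
        cfg = [l.strip() for l in takewhile(lambda l: l.startswith(" "), body)]
        if "switchport mode access" not in cfg:
            continue                     # only access ports are audited
        issues = []
        if "spanning-tree bpdufilter enable" in cfg:
            issues.append("bpdufilter: BPDUs ignored, loops go undetected")
        elif "spanning-tree bpduguard enable" not in cfg:
            issues.append("no bpduguard: port stays up when a BPDU arrives")
        vlan = next((int(c.split()[-1]) for c in cfg
                     if c.startswith("switchport access vlan ")), 1)
        if vlan not in snooped:
            issues.append(f"DHCP snooping off for VLAN {vlan}")
        if issues:
            findings[name.strip()] = issues
    return findings
```

Running `audit(SAMPLE)` reports Gi0/1 for the BPDU filter and Gi0/2 for both missing BPDU guard and missing DHCP snooping, while the hardened port and the trunk are not listed.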

However, even a small or medium-sized network like this can involve a lot of equipment. The diagram shows a two-layer structure, which looks very simple.

 

 
